Note that the focus here is on a Linux environment, but the process is similar in other Unix-like firewall/IDS environments. Please familiarize yourself with part one of this article before continuing with this paper.

Testing your firewall - third example, ICMP echo requests

The example shown below is a simple ICMP echo request to see if a machine is alive, in this case our test machine.

This time there is one packet received as was noted above, and the round trip time is shown.
Optimizing NIDS Performance

Introduction

Network intrusion detection systems (NIDSs) face some of the most gruelling challenges of any security product. Not only is the bandwidth these devices monitor increasing, so is the number of attacks they must guard against. The combination of these two factors can overwhelm a NIDS, causing it to drop packets. To help the NIDS keep up with the demands of today's networks, and the wide variety of threats that besiege them, there are a number of things a NIDS administrator can do to improve its performance.

This article will examine some of those options.

Review the NIDS Deployment Policy

Before doing anything, the NIDS administrator needs to review the current NIDS deployment policy.

Filtering Signatures

Testing security with hping

Internet Security Guru

Armor Your Palace

A guide to securing your home and home network with inexpensive hardware, open source software and about 8 hours of dedicated time.

This is a living document, updated on a regular basis to reflect additional best-practice methodologies, tips and tricks as they become available. In this guide, we will walk you through the process of building and configuring security systems to protect your home and home/office network through the use of motion-sensing digital security cameras, advanced firewalls, intrusion detection systems, and real-time notification mechanisms. In a mere eight hours, we will endeavor to build and configure a moderately sophisticated wired and wireless home or office LAN with a DMZ for public-facing services, strong ingress and egress filtering for all connected subnets, and a real-time risk management console with live monitoring and alerts by email and/or telephone.

Join me on SearchSecurity.com today!

It's no secret that a layered security strategy is the key to protecting enterprise networks from malicious intrusions, and one of the major components in that strategy is solid intrusion detection and intrusion prevention technology with supporting processes. This guide is a compilation of SearchSecurity.com's best resources on intrusion detection and prevention. Here, security professionals will gain insight into the basics of network intrusion detection systems by learning how to determine which IDS/IPS technology is right for their enterprises, as well as the key differences between IDS and IPS technologies.
Hacking Linux Exposed

Intrusion Detection FAQ - The Internet's most trusted site for vendor-neutral intrusion detection information.